1. Overview
  2. Sendent for Office
  3. Setting up Sendent for Office

Setting up Sendent for Office

Background

The Nextcloud instance in this example is hosted at cloud.example.com. As part of Sendent for Office, Sendent makes a custom DNS record for your organization available. This will be a CNAME DNS record, pointing towards your Nextcloud instance (cloud.example.com). Microsoft 365 Office Online will only communicate by the Sendent provided DNS record. In this example the DNS record provided by Sendent is xyz.wopi.sfo365.eu. The DNS record can be found by activating your Sendent for Office license key.

Because of that in order to setup Microsoft 365 Office for Web with your Nextcloud server, the following parts needs to be provided:

  • Sendent for Office in Nextcloud app store and enter a valid Sendent license key.

  • Setup your reverse-proxy to accept traffic from the Sendent provided DNS record, in this example: xyz.wopi.sfo365.eu .

  • Request an SSL certificate either through Let’s Encrypt or an alike service for your custom domain.

  • You are responsible for your own valid Microsoft 365 subscriptions for your users. Double check if your M365 plan offers Microsoft 365 Office for Web.

Nextcloud app

Install on your Nextcloud server “Sendent for Office” (LINK). This app within Nextcloud makes it possible to offer Microsoft 365 Office for Web.

Once installed, under Administrator Settings, open “Office Online”. This displays the following dialog. Enable Microsoft 365 Office Online.

Enter your Sendent license email and key.

image.png

Proxy configuration

We assume that the reverse-proxy configuration in our example is setup in NGINX. We start with the following configuration:

server {
    server_name cloud.example.com;
    location / {
        proxy_pass http://localhost:11000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
 
        # Websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
    }
 
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/cloud.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cloud.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = cloud.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
 
    listen      80;
    server_name cloud.example.com;
    return 404; # managed by Certbot
}

In this example our Nextcloud server runs at localhost:11000. In order to accept traffic from xyz.wopi.sfo365.eu the following configuration is added additionally.

server
{
    server_name xyz.wopi.sfo365.eu;
 
    # Only allow WOPI endpoints - block everything else
    location /apps/msofficeonline/wopi/ {
        proxy_pass http://localhost:11000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
 
        # Websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
    }
 
    # Also allow the index.php WOPI routes (alternative path format)
    location ~ ^/index\.php/apps/msofficeonline/wopi/ {
        proxy_pass http://localhost:11000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
 
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
    }
    # Block all other paths - return 403 Forbidden
    location / {
        return 403 "WOPI endpoints only";
    }
 
    listen 443 ssl; # managed by Certbot
 
    ssl_certificate /etc/letsencrypt/live/cloud.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cloud.example.com/privkey.pem; # managed by Certbot
}
 
server {
    if ($host = xyz.wopi.sfo365.eu) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
 
    listen      80;
    server_name xyz.wopi.sfo365.eu;
    return 404; # managed by Certbot
}

Remarks

  1. Traffic for the Sendent provided domain should only be allowed to route towards /apps/msofficeonline/wopi/ .

  2. Depending on your Nextcloud server setup, index.php can be suppressed in the URL. If that is the case can remove the location block which contains index.php.

  3. Always setup HTTPS, in no situation is HTTP traffic supported.

Setup HTTPS

You can request an SSL certificate for your Nextcloud server on the assigned custom domain (in this example xyz.wopi.sfo365.eu) using Let’sEncrypt.

Last updated April 17, 2026
Was this article helpful?